LGPD compliance - why the Privacy Office is one of the best solutions for companies - ISH Tecnologia

In 1890, Samuel Warren and Louis Brandeis wrote "The Right to Privacy" for the Harvard Business Review and coined the term "the right to be alone". Simply put, the idea is that what we do is nobody's business but our own. And for that to work, appropriate social boundaries are required, and also the freedom to choose what we do, what we share and who has access to our information.

It may be that privacy is more important today than ever before. More than a century after Warren and Brandeis wrote their work, the subject remains under debate, and that debate advanced considerably with the approval, in the National Congress, of the General Law of Data Protection (LGPD).

Data scandals have become as epidemic as COVID-19. Trapped at home, people have come to understand the value of their data, because everyone has been compelled to hand over information online for the sake of their children's school, family or work. Privacy regulations are no longer a differentiator for companies focused on winning customers. They have become urgent.

Now, brands need to act to build trust around privacy. But implementing the LGPD is not like installing an app. It requires profound changes, with all steps of the compliance journey structured into a Privacy Office programme.

Whatever the scenario, the programme enables the organisation to make a solid start on adequacy. The services include 6 steps:

LGPD Diagnosis

The adaptation to LGPD starts with the mapping of systems, personal data, support infrastructure, security controls and policies. In this way, personal data processing flows are documented, a data inventory is created, a gap analysis is prepared and an adequacy activity plan is drawn up.

Strategic privacy management following LGPD

The objective is to define, implement, monitor, critically analyse and continuously improve the organisation's privacy management system. Thus, it is possible to ensure the adequate funding of privacy operations, including risk analysis processes, definitions of roles and responsibilities, among others.

Data discovery and mapping

Data mapping is a critical component of LGPD compliance and also an important tool for visualizing information within a company. ISH offers data mapping tools that automate parts of the process, making it easier to understand where data is collected and whether it is being shared.

Fulfilling data subject requests

The LGPD guarantees individuals (known in law as data subjects) the right to manage data that has been collected by an employer or other type of agency or organisation (in law, called data controllers or just controllers). At this stage of the Privacy Office, the framework for complying with these requirements is developed, which includes identifying the processing agents authorized to receive Data Subject Requests (DSRs) and managing the process for fulfilling these requests.

Data Operator Management

Controllers are the primary decision makers: they exercise overall control over the purposes and means of personal data processing. When two or more of them do so together, they are seen as joint controllers. A service is therefore needed to manage the data operators, ensuring actions such as identifying the level of risk associated with each data operator and documenting the instructions and processing standards for each operator, among others.

Awareness raising and training

The purpose is to disseminate, in the form of training sessions, the company's attitude towards privacy, as well as the responsibilities and duties of all those involved. The work includes the preparation of the communication plan for executives and the training and awareness-raising plan.

Has your company already adapted? Make a diagnosis here to understand what stage of the journey your organisation is at.